Sign in Subscribe

We Hack Robots

Anthony S. Clark

7 min read
We Hack Robots
The Rise of Smart-Hardware

We have gone through several ages in tech. These include, but aren't limited to:

  • The Age of the Internet
  • The Age of Mobile
  • The Age of the Cloud
  • Most recently the Age of AI

We are now entering the Age of Hardware. More on this later.

In 2024 the Red Crow Lab team reverse engineered and hacked over 30 smart hardware devices.  Through this process we have realized a few things:

  • There are only a few thousand high end hardware reverse engineers out there. Most of them are in government, defense contractors, or are security researchers, with quite a few hobbyists.
  • There isn't a formal, repeatable, and consistent process for hardware reverse engineering. Its really more of an intuitive art at this point.
  • Because of the lack of REs, many devices, maybe millions, are not being looked at in depth, leading to a huge number of extremely vulnerable pieces of hardware in operation in the world.


In response to this we have been training up hardware RE interns, have created a Process, and are developing tools to 10,000x the number of devices we can handle in a year.

This is  a particularly urgent need as we enter the Age of Hardware. We are seeing a series of changes in tech that are all converging in the hardware space, and which will make the lack of smart-hardware security an intolerable and dangerous situation.

Drones

https://www.atlanticcouncil.org/blogs/ukrainealert/outgunned-ukraine-bets-on-drones-as-russian-invasion-enters-third-year/

Ukraine has demonstrated that Drones and autonomous systems are the near future of warfare.

Thermite-Equipped Drones ("Dragon Drones")

Ukraine has deployed drones armed with thermite canisters. These "dragon drones" target Russian infantry concealed in wooded areas, forcing them into the open for subsequent attacks.

Advancements in Autonomous Drone Technology

Ukrainian forces are advancing towards more autonomous drone systems to reduce reliance on human operators. These developments reflect a field tested shift towards integrating automation in military operations.

Use of Sea Drones in Naval Warfare

Ukrainian sea drones have achieved notable successes, including the downing of a Russian Mi-8 military helicopter off the coast of Crimea.

AI Integration and Partnerships

In December 2024, Anduril partnered with OpenAI to enhance counter-drone systems for the U.S. military. Anduril has developed the Roadrunner, a modular, twin-turbojet-powered drone designed to intercept and neutralize enemy drones, missiles, and manned aircraft. In August 2024, Anduril raised $1.5 billion to develop and manufacture autonomous, AI-powered weapons. The funding enables the creation of a new manufacturing platform called Arsenal, designed to produce tens of thousands of autonomous weapons annually, addressing a critical weakness in U.S. military readiness exposed during recent conflicts.


SoCs and Chiplets

Chiplets

The semiconductor industry is in the midst of a major change, moving from monolitic systems to lower cost, smaller chiplets that can be combined for more targeted applications.  Cadence Design Systems, in collaboration with Arm Holdings, has developed an Arm-based system chiplet. The automotive industry is also embracing chiplet technology. Cadence and Arm have also introduced a chiplet-based reference design aimed at accelerating the development of software-defined vehicles. Renesas Electronics Corporation has launched a new generation of automotive fusion SoCs built with 3nm process technology.

All of these rely on firmware, drivers, interconnect management, task scheduling, and other software. SoCs often run full operating systems either Linux, Android, or RTOS based.

This will help enable a proliferation of smaller, lower cost, lower energy, smart-hardware across many industries.

Automotive

Smart Hardware in Cars

I don't need to say much here because everyone is aware, but smart hardware has become critical in automotive. I've recently heard some experts say that traditional auto-manufacturers will have to convert to becoming tech companies or risk collapse. Between Self Driving, multi-featured infotainment systems, voice assist, and connectivity options, automotive tech is getting wild. What will happen when Starlink is ubiquitous and cars are always connected?

I've watched Tesla put out a TON of job ads for cyber security engineers this year, more by far than I've seen in the past. This is a signal.

Its been 10 years since Charlie Miller and Chris Valasek famously hacked a Jeep through the vehicle's Uconnect infotainment system, allowing them to remotely take control of steering, braking, and acceleration. I myself have hacked numerous major automaker's telemetry systems.

But I have not seen much public innovation in the automotive cyber security space as regards to hardware hacking recently. Why is that?

Space

Space Sensors on the Rise

Companies like SpaceX have significantly decreased the cost and barriers to getting tech into space.  Miniaturization, CubeSats, and other innovations has had a major impact. This, in turn, has increased the proliferation of space sensing technologies being deployed on satellites. This tech uses smart hardware in a number of ways:

Autonomy and Real-Time Decision Making - Space missions often operate far from Earth, where communication delays can be significant. This requires smart systems on board that can handle some decision making and autonomous operations.

Precision and Efficiency in Sensing - Space sensing systems require high precision to detect faint signals and capture detailed data, such as spectroscopy for planetary atmospheres, imaging, signal processing, etc.

Data Processing at the Edge - Spacecraft generate vast amounts of raw data, but bandwidth limitations often make it impractical to transmit everything back to Earth. Smart hardware includes onboard processing capabilities, such as AI accelerators or specialized chips, to filter and compress data, perform initial on board analysis and prioritize transmission of the most critical findings.

Companies like Fleet Space Technologies, Myriota, Momentus Space, Ursa Space Systems are deploying a wide variety of technologies into space from SAR Imagery, to MET propulsion, to nanosats.

Who out there is providing Nation State level attack testing on these technologies? Because even we we aren't, our adversaries are.

Robots

The Rise of Robots

The Chinese company Unitree has released a $16,000 humanoid robot, the price of a used car. But they have also released at $1600 commodity quadruped robot. This robot uses Ubuntu, the open source Robot Operating System (ROS),  contains an array of sensors from cameras, ultrasonic sensors, LiDAR, to an IMU and supports WiFi, 4G, and Bluetooth for connectivity.

In the US we have Boston Dynamics, Ghost Robotics, Agility Robotics, Anybots, and a huge surge of competing robot companies. These robots have immediate applications in:

  • Industrial Automation
  • Healthcare and Medicine
  • Agriculture
  • Defense and Security
  • Logistics and Delivery
  • Retail and Customer Service
  • Exploration
  • Home Automation

I'm hearing a lot of Silicon Valley insiders talk about the massive disruption robotics is about to cause across many different industries.

The End is the Beginning


The End is the Beginning

I haven't even addressed things like medicine, OT/SCADA, the massive increase in GPU tech for AI/LLMs, or the home user IoT markets, but this article is getting long enough.

Its clear we are in the midst of an explosion of smart hardware across every sector, industry, and aspect of life. But while we are building all of these things at a breakneck pace, from what I can tell, we have not also included much in the way of security and security testing systems.

In traditional  software, as a response to a massive number of intrusions and losses, we have retrofitted security in the form of SAST/DAST in build pipelines, yearly penetration tests, EDR and IR. But its been a rocky road to do this after the fact.

Right now from what I can see hardware is 10-20 years behind in security.

I just hacked a number of modern, critical scientific instruments that primarily communicate over TELNET!

The next battleground for cyber is smart hardware attack and defense, and that war is approaching very quickly with perhaps more severe repercussions than we have experienced with the hacks of the past.  And we are severely unprepared.  To do a full tear down and in-dept attack of a piece of smart hardware can take months, and there are preciously few people with the skill level to do it.

This sector is dual use. As you figure out how to attack hardware, you also learn aspects needed to defend it. As you are helping industries secure their products, you can help the USG exploit adversary systems.

If you are an Anduril, a Tesla, a SpaceX, a Boston Dynamics, a Medtronic, you need to be partnering with pipe hitters in the hardware security space, right now, today, as well as building your internal programs.

My solutions are the following:

  • Automate the process, taking it from months to days or hours.
  • Push out a standardized, repeatable, and consistent approach to security testing hardware.
  • Integrate AI to accelerate and improve the hardware testing process.
  • Partner with vendors to get this approach integrated, now, before we face those consequences I mentioned earlier.
  • Train as many new hardware hackers and reverse engineers as possible.


That is what you will see out of Red Crow Lab in 2025.


Thanks for reading,

A.


Sign up for more like this.

Enter your email
Subscribe